Advertisement:
NameCheap

Author Topic: Spam accounts bulk creation  (Read 4156 times)

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Spam accounts bulk creation
« on: December 10, 2011, 03:55:31 AM »
Hi everybody here,

I use SMF for my photography forum for ... years. For a couple of months, we have massive accounts creation by robots (I guess ?) not passing through the visual captcha identification at the registration page.
What we did to improve filtering was to install Stop Spammer mod which uses the stop spam forum database. This is very convenient as 99,9% of spammers are now blocked.

Nevertheless, we still face that situation where the accounts are created, and we need to purge every day more than 200 accounts. It does not take such a long time, but it is annoying.

Is there any other solution to prevent such accounts creation ? How do the robots can pass through the registration process without being blocked ? Is it possible to filter the register page ?

We use release 1.1.15 and planned to migrate to 2.x within months. URL is http://forum.nikonpassion.com/

Thanks for your answers and nice WE to all of you ;)

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #1 on: December 10, 2011, 05:47:56 AM »
have you looked at the anti-spam mods on the mod site?

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Re: Spam accounts bulk creation
« Reply #2 on: December 10, 2011, 06:03:49 AM »
Yes, and Stop Spammer is one of them.

I tried Bad Behavior but it does not prevent account creation neither.

It's not so much about spamming as we are able to block these fake accounts, but it is about preventing the bots to register.

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #3 on: December 10, 2011, 06:07:43 AM »
well there are other mods that may work better for you then what you have now.

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Re: Spam accounts bulk creation
« Reply #4 on: December 10, 2011, 06:12:07 AM »
Which one ?

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #5 on: December 10, 2011, 06:13:37 AM »
there are anti-spam verification questions which may do the trick, there is httpbl and many others, just search the mod site pick a few and try them out.

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Re: Spam accounts bulk creation
« Reply #6 on: December 10, 2011, 06:18:43 AM »
already tried these, the fact is that bots do create accounts by adressing the URL with parameters and do not pass through the classic registration process. So, verification question has no use, etc.

seems that 1.x has a real security hole ?

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #7 on: December 10, 2011, 06:21:20 AM »
that is not possible, they have to use the form to create an account.

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Re: Spam accounts bulk creation
« Reply #8 on: December 10, 2011, 11:03:19 AM »
would you like any log to check this ?

using Bad Behaviour, is it possible that the registration page is accessed ?

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #9 on: December 10, 2011, 12:06:25 PM »
no idea you would have to ask the mod author.

Offline spikeweb

  • Semi-Newbie
  • *
  • Posts: 25
Re: Spam accounts bulk creation
« Reply #10 on: December 10, 2011, 04:43:08 PM »
Thanks for your answers.

So the fact is it is possible for a bot to create fake accounts in 1.x, and even with the given mods installed, it is still possible.

Any feedback from 2.x users ? Same situation ?

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #11 on: December 10, 2011, 04:46:43 PM »
some bots could get by depending on your setup but they would use the registration form anyway they try, but decent anti-spam mods WILL keep them away.

Offline ricteo

  • Semi-Newbie
  • *
  • Posts: 10
Re: Spam accounts bulk creation
« Reply #12 on: December 14, 2011, 06:40:05 AM »
Hi,
Any solutions to this yet?
I am facing this problem too with more than 300 accounts created everyday!!!
HELP!!!

Offline Illori

  • Doc Coordinator
  • SMF Master
  • *
  • Posts: 36,772
Re: Spam accounts bulk creation
« Reply #13 on: December 14, 2011, 07:08:07 AM »
have you checked the anti-spam mods as was suggested in the last post?

MrPhil

  • Guest
Re: Spam accounts bulk creation
« Reply #14 on: December 14, 2011, 09:46:17 AM »
If a bot is able to bypass the registration form (and all the verification questions and captchas, etc.), that's definitely an SMF bug. No installed mod should be able to enable a bypass. Everyone signing up should be going through the proper pages.

Offline Kermit

  • SMF Friend
  • SMF Hero
  • *
  • Posts: 4,365
  • Gender: Male
Re: Spam accounts bulk creation
« Reply #15 on: December 14, 2011, 11:08:54 AM »
If a bot is able to bypass the registration form (and all the verification questions and captchas, etc.), that's definitely an SMF bug. No installed mod should be able to enable a bypass. Everyone signing up should be going through the proper pages.

Bots can be sometimes humans,so in this case there is no way to prevent it
My Mods
Please don't PM/mail me for support,unless i invite you
Formerly known as Duncan85
Quote
"Two things are infinite: the universe and human stupidity; and I'm not sure about the the universe."

A. Einstein

MrPhil

  • Guest
Re: Spam accounts bulk creation
« Reply #16 on: December 14, 2011, 05:36:20 PM »
The OP made the statement
Quote
the fact is that bots do create accounts by adressing the URL with parameters and do not pass through the classic registration process.
If true, SMF has a problem. spikeweb, are you just assuming that bots bypassed the proper registration process (because they got through), or do you have evidence such as host access logs showing this problem?

Quote
Bots can sometimes be humans
Sounds like a new term is needed, for organic bots... liveware, wetware, meatware, XYZware?